package com.azure.communication.callautomation.implementation;

import com.azure.core.credential.AzureKeyCredential;
import com.azure.core.http.HttpHeaderName;
import com.azure.core.http.HttpHeaders;
import com.azure.core.http.HttpPipelineCallContext;
import com.azure.core.http.HttpPipelineNextPolicy;
import com.azure.core.http.HttpResponse;
import com.azure.core.http.policy.HttpPipelinePolicy;
import com.azure.core.util.logging.ClientLogger;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Base64;
import java.util.Locale;
import java.util.Objects;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import reactor.core.Exceptions;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/azure/communication/callautomation/implementation/CustomHmacAuthenticationPolicy.class */
public final class CustomHmacAuthenticationPolicy implements HttpPipelinePolicy {
    private static final ClientLogger LOGGER = new ClientLogger(CustomHmacAuthenticationPolicy.class);
    private static final HttpHeaderName X_FORWARDED_HOST = HttpHeaderName.fromString("X-FORWARDED-HOST");
    private static final HttpHeaderName X_MS_DATE_HEADER = HttpHeaderName.fromString("x-ms-date");
    private static final HttpHeaderName X_MS_STRING_TO_SIGN_HEADER = HttpHeaderName.fromString("x-ms-hmac-string-to-sign-base64");
    private static final HttpHeaderName CONTENT_HASH_HEADER = HttpHeaderName.fromString("x-ms-content-sha256");
    static final DateTimeFormatter HMAC_DATETIMEFORMATTER_PATTERN = DateTimeFormatter.ofPattern("E, dd MMM yyyy HH:mm:ss 'GMT'", Locale.US);
    private final AzureKeyCredential credential;
    private final String acsResource;

    public CustomHmacAuthenticationPolicy(AzureKeyCredential azureKeyCredential, String str) {
        Objects.requireNonNull(azureKeyCredential, "'clientCredential' cannot be a null value.");
        this.credential = azureKeyCredential;
        this.acsResource = str;
    }

    public Mono<HttpResponse> process(HttpPipelineCallContext httpPipelineCallContext, HttpPipelineNextPolicy httpPipelineNextPolicy) {
        Flux just = httpPipelineCallContext.getHttpRequest().getBody() == null ? Flux.just(ByteBuffer.allocate(0)) : httpPipelineCallContext.getHttpRequest().getBody();
        if (!"https".equals(httpPipelineCallContext.getHttpRequest().getUrl().getProtocol())) {
            return Mono.error(new RuntimeException("AzureKeyCredential requires a URL using the HTTPS protocol scheme"));
        }
        try {
            URL url = (URL) httpPipelineCallContext.getData("hmacSignatureURL").filter(obj -> {
                return obj instanceof URL;
            }).map(obj2 -> {
                return (URL) obj2;
            }).orElse(httpPipelineCallContext.getHttpRequest().getUrl());
            return just.collect(() -> {
                try {
                    return MessageDigest.getInstance("SHA-256");
                } catch (NoSuchAlgorithmException e) {
                    throw LOGGER.logExceptionAsError(Exceptions.propagate(e));
                }
            }, (v0, v1) -> {
                v0.update(v1);
            }).flatMap(messageDigest -> {
                addAuthenticationHeaders(this.acsResource, url, httpPipelineCallContext.getHttpRequest().getHttpMethod().toString(), messageDigest, httpPipelineCallContext.getHttpRequest().getHeaders());
                return httpPipelineNextPolicy.process();
            });
        } catch (RuntimeException e) {
            return Mono.error(e);
        }
    }

    private void addAuthenticationHeaders(String str, URL url, String str2, MessageDigest messageDigest, HttpHeaders httpHeaders) {
        String encodeToString = Base64.getEncoder().encodeToString(messageDigest.digest());
        httpHeaders.set(X_FORWARDED_HOST, str);
        httpHeaders.set(HttpHeaderName.HOST, str);
        httpHeaders.set(CONTENT_HASH_HEADER, encodeToString);
        String format = OffsetDateTime.now(ZoneOffset.UTC).format(HMAC_DATETIMEFORMATTER_PATTERN);
        httpHeaders.set(X_MS_DATE_HEADER, format);
        addSignatureHeader(url, str2, httpHeaders, format, str, encodeToString);
    }

    private void addSignatureHeader(URL url, String str, HttpHeaders httpHeaders, String str2, String str3, String str4) {
        String str5 = str2 + ";" + str3 + ";" + str4;
        String path = url.getPath();
        if (url.getQuery() != null) {
            path = path + '?' + url.getQuery();
        }
        String str6 = str.toUpperCase(Locale.US) + "\n" + path + "\n" + str5;
        byte[] decode = Base64.getDecoder().decode(this.credential.getKey());
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(decode, "HmacSHA256"));
            httpHeaders.set(HttpHeaderName.AUTHORIZATION, "HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature=" + Base64.getEncoder().encodeToString(mac.doFinal(str6.getBytes(StandardCharsets.UTF_8))));
            httpHeaders.set(X_MS_STRING_TO_SIGN_HEADER, Base64.getEncoder().encodeToString(str6.getBytes(StandardCharsets.UTF_8)));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw LOGGER.logExceptionAsError(new RuntimeException(e));
        }
    }
}
